With the rapid development of global information technology, information security issues have become more important. In addition to technical protection, organizations have in recent years placed growing emphasis on the management of personnel, and a great deal of literature has shown the importance of personnel management for information security. Previous studies of information security management within organizations have mainly taken the perspective of sanctions; however, these studies report inconsistent results for the deterrence effect. In view of this, the present study is grounded in control theory and applies deterrence theory as the organization's formal control, alongside informal control, to examine how different regulatory foci affect the relationships between deterrence, informal control and employees' information security policy compliance intention. The sampling frame is employees working in the top 2000 companies listed in the CommonWealth Magazine surveys of 2014 and May 2015. Paper questionnaires were distributed, and a total of 213 valid questionnaires were obtained. The results show that detection certainty and punishment severity have a significant positive effect on information security policy compliance intention. Prevention focus positively moderates the relationship between detection certainty and information security policy compliance intention. Prevention focus positively moderates the relationship between punishment severity and information security policy compliance intention. Promotion focus positively moderates the relationship between informal control and information security policy compliance intention. Informal control has no significant positive effect on information security policy compliance intention.